Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'win32' = '<SYSTEM32>\Win32.exe'
- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\net.exe stop "Firewall de Windows/Conexion compartida a Internet (ICS)"
- <SYSTEM32>\net1.exe stop "Firewall de Windows/Conexion compartida a Internet (ICS)"
- <SYSTEM32>\net.exe stop SharedAccess
- <SYSTEM32>\reg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v win32 /d "<SYSTEM32>\Win32.exe" /f
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\Win32.exe
- %TEMP%\bt66761.bat
- %TEMP%\bt66761.bat
- %TEMP%\bt66761.bat